During the last couple of days I've attempted to set up a functional CAS server (Jasig CAS) on Ubuntu 10.10. I installed Tomcat 6 and configured it (server.xml) for SSL on port 8443:

<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443"
        maxHttpHeaderSize="8192"
        maxThreads="150"
        minSpareThreads="25"
        disableUploadTimeout="true"
        acceptCount="100"
        scheme="https"
        secure="true"
        clientAuth="false"
        SSLEnabled="true"
        SSLProtocol="SSLv3"
        SSLCertificateFile="/etc/ssl/certs/server_cert.pem"
        SSLCertificateKeyFile="/etc/ssl/private/server_key.pem"
        SSLCACertificateFile="/etc/ssl/certs/ca_cert.pem"
        SSLCACertificatePath="/etc/ssl/certs"
        SSLPassword="password"
     />

server_cert.pem, server_key.pem are self-signed x509 certificates. Further, I produced an x509v3 certificate for a Windows test server (apache2 - xampp) (both servers are in the same LAN and have the IPs 10...*). This certificate is installed in the Java keystore (cacerts) that is located within the Java directory. Since I have always had issues with the "alternative subject name" within the client certificate, I used a long version of the openssl config file to produce it.

The apache2 SSL config file looks like the following:

<IfModule ssl_module>
....
<VirtualHost 10.0.0.2:443>
SSLEngine on
ServerName 10.0.0.2:443
#ServerAlias 10.0.0.2

DocumentRoot c:/xampp/htdocs
SSLProtocol -all +SSLv3
SSLCertificateFile C:/xampp/ssl/certs/powercomputer_cert.pem
SSLCertificateKeyFile C:/xampp/ssl/private/powercomputer_key.pem
SSLCACertificateFile C:/xampp/ssl/certs/ca_cert.pem
</VirtualHost>
...
</IfModule>

SSL connections are working on both servers (tested using IE and Opera).

Now comes the hard part. I used a module called phpCAS, written in PHP, on the Windows machine to communicate with the CAS server. The module sends a callback link to the CAS server and the server sends a proxy ticket back, etc.

BUT I wasn't able to get a valid SSL handshake between both servers. openssl s_client -connect... for both servers didn't show any errors, so I debugged the entire SSL handshake (here is just the relevant part):

...

*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, SSLv3
http-apr-8443-exec-3, WRITE: SSLv3 Handshake, length = 132
SESSION KEYGEN:
... no IV used for this cipher
http-apr-8443-exec-3, WRITE: SSLv3 Change Cipher Spec, length = 1
*** Finished
verify_data:
***
http-apr-8443-exec-3, WRITE: SSLv3 Handshake, length = 56
http-apr-8443-exec-3, READ: SSLv3 Alert, length = 2
http-apr-8443-exec-3, RECV SSLv3 ALERT: fatal, bad_record_mac
http-apr-8443-exec-3, called closeSocket()
http-apr-8443-exec-3, handling exception: javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
2011-11-27 02:39:57,315 ERROR [org.jasig.cas.util.HttpClient] - bad_record_mac>
javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at ....

I didn't find any solution within the last couple of days and I really have no idea what the problem is. Btw, I forced the use of SSLv3.

Thanks a lot for any suggestions.
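
A triage helper for the javax.net.debug output quoted in the post, added here as an example and not part of the original post: for each alert it reports how far the logging side of the handshake had got when the alert arrived. The sample log is constructed from the lines in the post, and the function and field names are hypothetical.

```python
import re

# Constructed sample, modelled on the javax.net.debug lines quoted in the post.
SAMPLE_LOG = """\
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, SSLv3
http-apr-8443-exec-3, WRITE: SSLv3 Handshake, length = 132
http-apr-8443-exec-3, WRITE: SSLv3 Change Cipher Spec, length = 1
*** Finished
http-apr-8443-exec-3, WRITE: SSLv3 Handshake, length = 56
http-apr-8443-exec-3, READ: SSLv3 Alert, length = 2
http-apr-8443-exec-3, RECV SSLv3 ALERT:  fatal, bad_record_mac
"""

MESSAGE = re.compile(r"^\*\*\* (\w+)")
RECORD = re.compile(r"^([^,]+), (READ|WRITE): \S+ (.+?), length = \d+$")
ALERT = re.compile(r"^([^,]+), (RECV|SEND) \S+ ALERT:\s+(\w+), (\w+)$")

def triage(log_text):
    """Return one finding per alert, with the handshake state it arrived in."""
    sent = {}        # thread -> record types written after Change Cipher Spec
    ccs = set()      # threads that have already written Change Cipher Spec
    last_msg = None  # "***" lines carry no thread name, so this is global
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        if m := MESSAGE.match(line):
            last_msg = m.group(1)
        elif m := RECORD.match(line):
            thread, direction, rtype = m.groups()
            if direction == "WRITE" and rtype == "Change Cipher Spec":
                ccs.add(thread)
            elif direction == "WRITE" and thread in ccs:
                sent.setdefault(thread, []).append(rtype)
        elif m := ALERT.match(line):
            thread, direction, level, desc = m.groups()
            protected = sent.get(thread, [])
            findings.append({
                "thread": thread, "direction": direction,
                "level": level, "alert": desc, "after_message": last_msg,
                "protected_records_sent": len(protected),
                # True when the peer rejected our first MAC-protected record
                # (Finished): the two ends disagree on keys or record contents.
                "peer_rejected_finished": direction == "RECV"
                    and desc == "bad_record_mac" and protected == ["Handshake"],
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

When `peer_rejected_finished` is true, certificate validation and key exchange have already completed on the logging side, so the trust store is not where the handshake stopped.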